b"           OFFICE OF\n    THE INSPECTOR GENERAL\n\n\nSOCIAL SECURITY ADMINISTRATION\n\n\n\n      ADMINISTRATIVE COSTS\n         CLAIMED BY THE\n      MINNESOTA DISABILITY\n     DETERMINATION SERVICES\n\n     September 2004   A-05-04-14036\n\n\n\n\n AUDIT REPORT\n\x0c                                    Mission\nWe improve SSA programs and operations and protect them against fraud, waste,\nand abuse by conducting independent and objective audits, evaluations, and\ninvestigations. We provide timely, useful, and reliable information and advice to\nAdministration officials, the Congress, and the public.\n\n                                   Authority\nThe Inspector General Act created independent audit and investigative units,\ncalled the Office of Inspector General (OIG). The mission of the OIG, as spelled\nout in the Act, is to:\n\n  \xc2\x81 Conduct and supervise independent and objective audits and\n    investigations relating to agency programs and operations.\n  \xc2\x81 Promote economy, effectiveness, and efficiency within the agency.\n  \xc2\x81 Prevent and detect fraud, waste, and abuse in agency programs and\n    operations.\n  \xc2\x81 Review and make recommendations regarding existing and proposed\n    legislation and regulations relating to agency programs and operations.\n  \xc2\x81 Keep the agency head and the Congress fully and currently informed of\n    problems in agency programs and operations.\n\n  To ensure objectivity, the IG Act empowers the IG with:\n\n  \xc2\x81 Independence to determine what reviews to perform.\n  \xc2\x81 Access to all information necessary for the reviews.\n  \xc2\x81 Authority to publish findings and recommendations based on the reviews.\n\n                                     Vision\nBy conducting independent and objective audits, investigations, and evaluations,\nwe are agents of positive change striving for continuous improvement in the\nSocial Security Administration's programs, operations, and management and in\nour own office.\n\x0c                                          SOCIAL SECURITY\n\nMEMORANDUM\nDate:       September 21, 2004                                                    Refer To:\n\nTo:         James F. Martin\n            Regional Commissioner\n             Chicago\n\nFrom:       Assistant Inspector General\n             for Audit\n\nSubject: Administrative Costs Claimed by the Minnesota Disability Determination Services\n            (A-05-04-14036)\n\n\n            OBJECTIVES\n            The objectives of our audit were to (1) evaluate Minnesota Disability Determination\n            Services\xe2\x80\x99 (MN-DDS) internal controls over the accounting and reporting of\n            administrative costs, (2) determine whether costs claimed were allowable and properly\n            allocated and funds were properly drawn, and (3) assess limited areas of the\n            electronic data processing general controls environment.\n\n            BACKGROUND\n            Disability determinations under both Disability Insurance and Supplemental Security\n            Income are performed by Disability Determination Services (DDS) in each State or\n            other responsible jurisdictions. Such determinations are required to be performed in\n            accordance with Federal law and underlying regulations.1 In carrying out its\n            obligation, each DDS is responsible for determining claimants\xe2\x80\x99 disabilities and\n            ensuring that adequate evidence is available to support its determinations.2\n\n\n\n\n        1\n            42 U.S.C. \xc2\xa7 421; 20 C.F.R. \xc2\xa7\xc2\xa7 404.1601 et seq. and 416.1001 et seq.\n        2\n            20 C.F.R. \xc2\xa7\xc2\xa7 416.1013(a) and 416.1014(a)\n\x0cPage 2 \xe2\x80\x93 James F. Martin\n\n\nSSA reimburses the DDS for 100 percent of allowable program expenditures up to the\nlimit of its funding authority. The DDS draws Federal funds through the Department of\nthe Treasury\xe2\x80\x99s (Treasury) Automated Standard Application for Payments (ASAP)\nsystem in accordance with Federal Regulations3 and an intergovernmental agreement\nentered into by Treasury and the State of Minnesota under the Cash Management\nImprovement Act (CMIA).4\nThe MN-DDS submits a State Agency Report of Obligations for SSA Disability\nPrograms (Form SSA-4513) to SSA quarterly, for each Federal Fiscal Year (FY). These\nforms report cumulative disbursements of program funds and the remaining balance of\nunliquidated obligations.\nThe Minnesota Department of Employment and Economic Development (DEED) is the\nparent agency for the MN-DDS, which is located in St. Paul, Minnesota.5 See Appendix\nB for our Scope and Methodology.\n\n\nRESULTS OF REVIEW\nGenerally, the MN-DDS had effective internal controls over the accounting and reporting\nof administrative costs and the costs it claimed during our audit period were allowable.\nHowever, improvements were needed in the areas of cash management and general\nsecurity controls.\nCASH MANAGEMENT\n\nFunds to cover MN-DDS expenditures are drawn from the ASAP system. For each FY,\nthe MN-DDS is assigned an account identification number in ASAP. Cash draws made\nfrom the account identification number are to reimburse MN-DDS for expenditures\nincurred during the same period as the account identification number\xe2\x80\x99s FY reporting\nperiod.6\n\nWe found that the MN-DDS\xe2\x80\x99s former parent agency, Department of Economic Security\n(DES), drew funds from one FY\xe2\x80\x99s ASAP account to pay for another FY\xe2\x80\x99s expenditures.\nSpecifically, DES:\n\xe2\x80\xa2     Drew funds from the FY 2001 ASAP account to pay FY 2002 expenditures. This\n      caused cash draws for FY 2001 to exceed expenditures by $131,295, during the\n      quarter ended December 31, 2001. The incorrect cash draws were subsequently\n      corrected in the ASAP system.\n\n\n3\n    31 C.F.R. 205.\n4\n    Public Law 101-453,104 Stat. 1058.\n5\n During our audit period, the Minnesota Department of Economic Security was the MN-DDS\xe2\x80\x99s parent\nagency. DEED became the MN-DDS\xe2\x80\x99s parent agency in FY 2003.\n6\n    31 U.S.C. \xc2\xa7 1502.\n\x0cPage 3 \xe2\x80\x93 James F. Martin\n\n\n\xe2\x80\xa2     Drew funds from the FY 2002 ASAP account to pay FY 2003 expenditures. This\n      caused FY 2002 cash draws to exceed expenditures by $106,457, during the quarter\n      ended December 31, 2002. The incorrect cash draws were subsequently corrected\n      in the ASAP system.\n\nFederal statute states, \xe2\x80\x9cThe balance of an appropriation or fund limited for obligation to\na definite period is available only for payment of expenses properly incurred during the\nperiod of availability or to complete contracts properly made within that period of\navailability and obligated consistent with section 1501 of this title.\xe2\x80\x9d7\n\nWe did not review the cash draw procedures of the MN-DDS\xe2\x80\x99s new parent agency,\nDEED. However, SSA should ensure that the MN-DDS and DEED are aware of the\ncorrect cash draw procedures for Federal funds.\n\nGENERAL CONTROLS\n\nOur assessment of limited areas of the electronic data processing general controls\nenvironment disclosed that the MN-DDS needs to finalize the development of and\nimplement its contingency plan. Furthermore, the MN-DDS needs to identify and use\nan offsite storage facility for its electronic data backup files. The MN-DDS also needs to\nperform a risk assessment of its facility to determine if an intrusion detection system is\nneeded to properly secure the DDS\xe2\x80\x99s office space and if perimeter security is needed at\nthe secondary entrance door.8\n\nContingency Plan\n\nThe MN-DDS did not have a contingency plan to follow in the event of a disaster that\nimpacts DDS operations. SSA instructions state, \xe2\x80\x9cEvents may occur which will prevent\nnormal operations and interfere with the accomplishment of the mission of the DDS.\nBecause of this, each office must prepare a contingency plan.\xe2\x80\x9d9 The MN-DDS stated\nthat a contingency plan is under development. The delay in implementing the\ncontingency plan could result in a longer recovery period following a catastrophic event.\nThe implementation of a contingency plan should be a priority for the MN-DDS.\n\nElectronic Data Processing Backup Files\nData from the MN-DDS\xe2\x80\x99s Electronic Data Processing (EDP) systems is backed up daily\nand the files were stored in a fire-proof vault at the MN-DDS. However, DDS Security\nguidelines recommend that a copy of backup data files be stored at an offsite location.10\n\n7\n    31 U.S.C. \xc2\xa7 1502.\n\n8\n     DDS Security Document (September 2003), page 35.\n\n9\n    SSA, POMS, DI 39566.050.\n10\n     DDS Security Document (September 2003), page 58.\n\x0cPage 4 \xe2\x80\x93 James F. Martin\n\n\nThe MN-DDS stated that it plans to identify an offsite storage location. Until it does so,\nthere is a risk that the data files may be destroyed or be inaccessible under certain\nsituations. The identification of an offsite data storage facility should be a priority for the\nMN-DDS.\n\nIntrusion Detection System\n\nThe MN-DDS did not have an Intrusion Detection System (IDS). DDS Security\nguidelines state, \xe2\x80\x9cAn intrusion detection system is required in all facilities unless\ndetermined unnecessary (For example, office is located in a Government building with\n24-hour/day-guard service, and the guard has the ability to adequately monitor the DDS\nfacility).\xe2\x80\x9d11 MN-DDS did not have an IDS because it believes the facilities are\nadequately protected by the 24-hour guard stationed in the first floor lobby. However,\nthe guard may not be able to adequately monitor the MN-DDS\xe2\x80\x99s space, since he/she is\nlocated in the building\xe2\x80\x99s lobby. Furthermore, the MN-DDS is located in private office\nspace that is accessible to the general public. Accordingly, there is an increased risk\nthat unauthorized individuals could gain access to the MN-DDS\xe2\x80\x99s office space during\nnon-working hours and access the sensitive SSA information stored therein.\n\nSecondary Entrance Door\nOne of the MN-DDS\xe2\x80\x99s hallway entrance doors does not have a perimeter security\nmeasure, such as a peephole, security window or camera. The DDS Security\nguidelines state that \xe2\x80\x9c\xe2\x80\xa6perimeter doors should have peepholes if visibility is\nrestricted.\xe2\x80\x9d12 Although the MN-DDS has a camera to monitor the hallway near the\noffice\xe2\x80\x99s main entranceway, the secondary entrance door is too far from the camera to be\nadequately observed. The lack of a perimeter security measure prevents the MN-DDS\nstaff from seeing who is outside the door before it is opened and increases the risk of\nentry by an unauthorized individual.\n\nCONCLUSIONS AND RECOMMENDATIONS\nGenerally, the MN-DDS had effective internal controls over the accounting and reporting\nof administrative costs and the costs it claimed during our audit period were allowable.\nHowever, improvements were needed in the areas of cash management and general\nsecurity controls. Accordingly, we recommend that SSA instruct the MN-DDS and\nDEED to:\n\n      1. Ensure that funds drawn from a FY ASAP account identification number are used\n         only to pay expenditures incurred during the same period as the account\n         identification numbers FY reporting period.\n\n\n\n11\n     DDS Security Document (September 2003), page 36.\n\n12\n     DDS Security Document (September 2003), page 35.\n\x0cPage 5 \xe2\x80\x93 James F. Martin\n\n\n   2. Develop and implement a contingency plan that is in accordance with SSA\n      instructions.\n\n   3. Identify an offsite electronic data storage facility.\n\n   4. Perform a risk assessment to determine if an IDS is needed to properly secure\n      the DDS\xe2\x80\x99s office space as outlined in the DDS Security Document.\n\n   5. Perform a risk assessment to determine if a perimeter security measure is\n      needed for the secondary entrance door, for example a peephole, security\n      window or camera as outlined in the DDS Security Document.\n\nAGENCY COMMENTS\nIn commenting on our draft report, SSA agreed with our recommendations. See\nAppendix C for the full text of SSA\xe2\x80\x99s comments.\n\nDEED COMMENTS\nDEED did not agree with our recommendations that a risk assessment be performed to\ndetermine if an IDS is needed to properly secure the MN-DDS\xe2\x80\x99s office space and if\nperimeter security is needed at the secondary entrance door. DEED stated that the\nMN-DDS's current security measures, camera monitoring and recording and on-site\nbuilding security guards, meet the intent of SSA\xe2\x80\x99s physical security guidelines as\noutlined in the DDS Security Document. DEED further stated that staffing issues affect\nthe feasibility of an IDS. See Appendix D for the full text of DEED\xe2\x80\x99s comments.\n\nOIG RESPONSE\nWe remain committed to our recommendations. While we acknowledge DEED's\ncomments on its current physical security measures, the MN-DDS is not in compliance\nwith SSA's guidelines for DDS physical security. Specifically, SSA's physical security\nguidelines specify that an IDS is required in all DDS facilities unless determined\nunnecessary and that perimeter doors should have peepholes if visibility is restricted.\nWhen a DDS is unable to meet the physical security guidelines, SSA requires a risk\nassessment to be performed and included in its overall DDS Security Plan. The risk\nassessment should include specific elements, such as a description of the risk\nassociated with not implementing a physical security guideline.\n\n\n\n\n                                                  S                     for\n                                                  Steven L. Schaeffer\n\x0c                                    Appendices\nAppendix A \xe2\x80\x93 Acronyms\n\nAppendix B \xe2\x80\x93 Scope and Sampling Methodology\n\nAppendix C \xe2\x80\x93 Agency Comments\n\nAppendix D \xe2\x80\x93 DEED Comments\n\nAppendix E \xe2\x80\x93 OIG Contacts and Staff Acknowledgments\n\x0c                                                          Appendix A\n\nAcronyms\nASAP       Automated Standard Application for Payments\n\nC.F.R.     Code of Federal Regulations\n\nCMIA       Cash Management Improvement Act\n\nDEED       Minnesota Department of Employment & Economic Development\n\nDES        Department of Economic Security\n\nDDS        Disability Determination Services\n\nDoF        Department of Finance\n\nEDP        Electronic Data Processing\n\nFY         Fiscal Year\n\nIDS        Intrusion Detection System\n\nMN-DDS     Minnesota Disability Determination Services\n\nPOMS       Program Operations Manual System\n\nSESAS      State Employment Security Agency System\n\nSSA        Social Security Administration\n\nSSA-4513   State Agency Report of Obligations for SSA Disability Programs\n\nTreasury   Department of the Treasury\n\nU.S.C.     United States Code\n\x0c                                                                     Appendix B\n\nScope and Sampling Methodology\nSCOPE\n\nTo achieve our objectives, we:\n\n \xe2\x80\xa2   Reviewed applicable Federal law and regulations, pertinent parts of Social Security\n     Administration (SSA)\xe2\x80\x99s Program Operations Manual System (POMS) and other\n     criteria relevant to administrative costs claimed by Minnesota Disability\n     Determination Services (MN-DDS) and drawdowns of SSA program grant funds.\n\n \xe2\x80\xa2   Reviewed reports issued by the Minnesota Office of the Legislative Auditor. These\n     reports presented the results of audits of the Minnesota Department of Economic\n     Security (DES) and the State Department of Finance (DOF). The DES was the\n     parent agency for MN-DDS during our audit period. The Minnesota Department of\n     Employment and Economic Development (DEED) took over the parent agency role\n     as a result of a State re-organization in 2003. The DOF is responsible for\n     maintaining the financial and information systems used by the State agencies.\n\n \xe2\x80\xa2   Interviewed staff and officials at MN-DDS, DEED, and SSA Chicago Regional\n     Office.\n\n \xe2\x80\xa2   Reviewed State policies and procedures related to personnel, medical services,\n     and all other nonpersonnel costs.\n\n \xe2\x80\xa2   Evaluated and tested internal controls regarding accounting, financial reporting and\n     cash management activities.\n\n \xe2\x80\xa2   Reconciled State accounting records to the administrative costs reported by MN-\n     DDS on the State Agency Report of Obligations for SSA Disability Programs\n     (Form SSA-4513) for Federal Fiscal Years (FY) 2001 and 2002.\n\n \xe2\x80\xa2   Reviewed the administrative costs MN-DDS reported on its Forms SSA-4513 for\n     FYs 2001 ($17,539,394) and 2002 ($18,727,156).\n\n \xe2\x80\xa2   Examined certain administrative expenditures (personnel, medical service, and all\n     other nonpersonnel costs) incurred and claimed by MN-DDS for FYs 2001 through\n     2002 on the Form SSA-4513. We used statistical sampling to select expenditures\n     to test for support of the medical service and all other nonpersonnel costs.\n\n \xe2\x80\xa2   Examined the indirect costs claimed by MN-DDS for FYs 2001 and 2002.\n\n\n\n\n                                          B-1\n\x0c \xe2\x80\xa2   Discussed indirect costs with the cognizant agency for Minnesota, the U.S.\n     Department of Labor.\n\n \xe2\x80\xa2   Compared the amount of SSA funds drawn for support of program operations to\n     the expenditures reported on the Form SSA-4513.\n\n \xe2\x80\xa2   Reviewed MN-DDS electronic data processing general controls and physical\n     security at their Metro Square complex offices in St. Paul, Minnesota.\n\nWe concluded that the electronic data used in our audit was sufficiently reliable to\nachieve our audit objectives. We assessed the reliability of the electronic data by\nreconciling it with the costs claimed on the Form SSA-4513. We also conducted\ndetailed audit testing on selected data elements from the electronic files.\n\nWe performed work at the MN-DDS and DEED in St. Paul, Minnesota and the Office of\nAudit in Chicago, Illinois. We conducted field work from October 2003 through\nMay 2004. The audit was conducted in accordance with generally accepted\ngovernment auditing standards.\n\nSAMPLING METHODOLOGY\n\nOur sampling methodology encompassed the four general areas of costs as reported on\nForm SSA-4513 (1) personnel, (2) medical, (3) indirect, and (4) all other nonpersonnel\ncosts. We obtained data extracts from DEED for FYs 2001 and 2002 to use in statistical\nsampling. Additionally, we randomly selected a month from the 2 year audit period and\nreviewed supporting documents for all Medical Consultants under contract to MN-DDS.\nWe also randomly selected one month from the audit period and reviewed all Non-DDS\nPersonnel Costs claimed as electronic data processing (EDP) Maintenance and\nMiscellaneous Costs on the SSA-4513.\n\nPersonnel Costs\n\nWe randomly selected one pay period (April 2002) in the most recent year under review.\nWe then selected a random sample of 50 employees for review and testing of the\npayroll records.\n\nFor medical consultant costs, we randomly selected one pay period (March 2002) from\nthe most recent year under review. We selected all medical consultants during that time\nperiod and verified that the medical consultants were paid in accordance with the\napproved contract.\n\n\n\n\n                                           B-2\n\x0cMedical Costs\n\nWe stratified medical costs into medical evidence of record and consultative\nexaminations, and selected a stratified random sample of 100 items (25 items from each\nstratum in FYs 2001 and 2002).\n\nIndirect Costs\n\nWe determined that the State Wide Indirect Cost Allocation to the parent agency (DES)\nwas performed using a Fixed Basis Cost Allocation Agreement approved by the\ncognizant Federal agency (U.S. Department of Health & Human Services). The amount\nallocated to each State department and agency was based on estimated central service\ncosts. In a subsequent fiscal year, the cognizant agency compared the actual costs for\nthat year with the estimated costs and adjusted the future year rate to compensate for\nthe difference. The Cost Allocation Agreement states that costs allocated to the State\ndepartments and agencies under the agreement are approved for further allocation to\nFederal grants, contracts and other agreements performed at those departments and\nagencies. We reviewed the State-Wide Allocation for the randomly-selected month of\nMay 2001, to verify that the State used the approved fixed amount to allocate central\nservice costs to the DES.\n\nWe determined that DES used the State Employment Security Agency System\n(SESAS) cost accounting system software, originally developed for the U.S. Department\nOf Labor - Employment and Training Assistance division, to allocate costs to all of its\ncomponents. This software takes all parent agency administrative costs that cannot be\ndirectly charged to a specific cost center and allocates these costs to all organizational\ncomponents of the agency, based on the relative percentage of full-time equivalents.\nThe allocation includes the parent agency\xe2\x80\x99s share of the State-Wide Indirect Cost\nAllocation. We reviewed the allocation of DES indirect costs in the randomly-selected\nmonth of April 2002, to verify that the SESAS software allocated the appropriate\npercentage of these costs to the MN-DDS.\n\n\n\n\n                                           B-3\n\x0cAll Other Nonpersonnel Costs\n\nWe separated Occupancy Costs from All Other Nonpersonnel Costs and treated them as\na separate population. We randomly selected one month of Occupancy Costs from\nFYs 2001 and 2002 for our review.\n\nWe stratified All Other Nonpersonnel costs into nine cost categories: (1) Contracted\nCosts; (2) EDP Maintenance; (3) Equipment Rental ; (4) Equipment Purchases,\n(5) Communications Costs; (6) Applicant Travel; (7) DDS Personnel Travel; (8) Supplies\nand (9) Miscellaneous Costs. We then extracted certain debit transactions from the EDP\nMaintenance and Miscellaneous Costs categories that represented charges for non-DDS\nPersonnel. From the remainder of All Other Nonpersonnel costs, we selected a stratified\nrandom sample of 50 items from each FY based on the percentage of costs in each\ncategory to total costs (excluding occupancy).\n\n\n\n\n                                         B-4\n\x0c                  Appendix C\n\nAgency Comments\n\x0c           -----Original Message-----\n           From: Jamison, Jim\n           Sent: Tuesday, September 14, 2004 9:54 AM\n           To: Schaeffer, Steve\n           Cc: Jamison, Jim; ||CHI ARC MOS; ||CHI ARC MOS CD; ||CHI ARC MOS CMR; ||CHI ORC; ||CHI OIG\n           Audit; ^DCDISP Audit; ^DCFAM AMLS Controls; ^DCO Audit; McMullen, Theresa; Kalmoe, Dean; Wise,\n           Ray; Roers, Wally; Moskop, Mark\n           Subject: Comments on Draft Report -- Minnesota DDS Administrative Costs Audit\n\n\n\n\n September 14, 2004                                                     Refer To: S2D5G2\n Refer\n\n\n To:       Assistant Inspector General\n           for Audit\n\n From:     Regional Commissioner\n           Chicago\n\nSubject:   Draft Report of Administrative Costs Claimed by the Minnesota Bureau of Disability\n           Determination Services (Your Request for Comments E-Mailed August 30, 2004) -- REPLY\n\n\n           Thank-you for the opportunity to comment on the subject report (A-05-04-14036).\n\n           We appreciate the efforts of your staff in conducting such a comprehensive review of DDS\n           activities. We have completed our review and concur with all five of your staff\xe2\x80\x99s findings.\n\n           Questions about this memorandum may be directed to Jim Jamison, Financial Management\n           Team Leader, at 312.575.4212.\n\n\n\n                                                        /s/\n                                                   James F. Martin\n\n\n\n\n           cc:   Deputy Commissioner for Operations\n                 Deputy Commissioner for Finance Assessment and Management\n                 Deputy Commissioner for Disability and Income Security Programs\n\x0c                Appendix D\n\nDEED Comments\n\x0cSeptember 13, 2004\n\nTo:           Steven L. Schaeffer, Assistant Inspector General for Audit, SSA\n              Mark Bailey, Director, Central Audit Division, SSA\n\nFrom:         Dennis Yecke, Deputy Commissioner, DEED\n\nRe:           OIG Federal Audit; A-05-04-14036 (08/30/04)\n\nDear Mr. Schaeffer:\n\nThe following is our written comments to your recommendations in the draft\nreport Administrative Costs Claimed by the Minnesota Disability Determination\nServices (A-05-04-14036).\n\nRecommendation 1.     Ensure that funds drawn from a FY ASAP account\nidentification number are used only to pay expenditures incurred during\nthe same period as the account identification numbers FY reporting\nperiod.\n\n        We agree. We will draw funds from the appropriate year.\n\nRecommendation 2.     Develop and implement a contingency plan that is\nin accordance with SSA instructions.\n\n       We agree. The State of Minnesota has directed all state departments to\nuse business continuation plan software known as LDRPS. The DDS is\nactively working with the department at this time on completion of an LDRPS\nplan. Printed reports generated from a completed LDRPS plan will fit all of the\nrequirements noted in the referenced POMS section, DI 39566.050. Since\nsome of the document entry into the LDRPS database is contingent on\nassistance from Parent Agency security employees, the DDS will need to\ncontinue working with the Parent Agency toward completion of the LDRPS\ngenerated plan. The plan is scheduled to be completed by December 31, 2004.\n\nRecommendation 3.         Identify an offsite electronic data storage facility.\n\n       We agree. Starting in September 2004, daily backup tapes will be stored\nat a separate, offsite, location of the Parent Agency.\n\nRecommendation 4.      Perform a risk assessment to determine if an\nintrusion detection system is needed to properly secure the DDS\xe2\x80\x99s office\nspace as outlined in the DDS Security Document.\n\n        We disagree. It is our contention that the current security measures\n\n\n\n                                        D-1\n\x0cSteven L. Schaeffer\nSeptember 13, 2004\nPage 2\n\nonce augmented with the additional cameras that have been requested (the\nrequest is still pending at SSA) adequately meet the intent of the referenced\nDDS Security Document and that an additional risk assessment is not\nnecessary.\n\n      The MN DDS has an electronic locking system in place for all entrance\nand exits to the DDS. Entry using an access coded card is electronically\nrecorded into a WIN-PAK database. During the duration of the audit, DDS\nupgraded its security to include 10 color video cameras which record to a one\nterabyte caliber (installed in late February, 2004). Each entry and emergency\nexit has at least one camera which records a picture every two seconds. We\ncurrently have a request pending at SSA to increase the number of cameras to\nallow coverage of other sensitive areas of the office such as the electrical closet,\nthe AS/400 room, the phone closet and the server room. Upon approval,\nadditional cameras will be installed and added to the caliber.\n\n      Various staffing issues affect the feasibility of an intrusion detection\nalarm. At various times, our system\xe2\x80\x99s employees need to access the work space\nduring non-working hours (computer maintenance). Adjudicators work an\nabundant amount of overtime throughout the year, when approved by the\nRegional Office. An intrusion detection alarm would create a new issue for our\nlandlord which is not currently addressed in our lease.\n\n     In view of our camera monitoring and recording, on-site building security\nguards 24/7 and personnel issues, we assert that our current security measures\nadequately meet the intent of the referenced DDS Security Document.\n\nRecommendation 5.     Perform a risk assessment to determine if a\nperimeter security measure is needed for the secondary entrance door, for\nexample a peephole, security window or camera as outlined in the DDS\nSecurity Document.\n\n      Please see reply for #4.\n\nSincerely,\n\n\n\nDennis J. Yecke\nDeputy Commissioner\n\ncc:   Matt Kramer\n      Wally Roers\n      John Stavros\n                                        D-2\n\x0c                                                                       Appendix E\n\nOIG Contacts and Staff Acknowledgments\nOIG Contacts\n      Mark Bailey, Director, Central Audit Division, (816) 936-5591\n\n      Teresa Williams, Audit Manager, (312) 353-0331\n\nAcknowledgments\nIn addition to those named above:\n\n      Robert Lenz, Senior Auditor\n\n      Anthony Lesniak, Auditor\n\n      Ken Bennett, Information Technology Specialist\n\n      Cheryl Robinson, Writer-Editor\n\nFor additional copies of this report, please visit our web site at www.ssa.gov/oig or\ncontact the Office of the Inspector General\xe2\x80\x99s Public Affairs Specialist at (410) 965-3218.\nRefer to Common Identification Number A-05-04-14036.\n\x0c                             DISTRIBUTION SCHEDULE\n\nCommissioner of Social Security\nOffice of Management and Budget, Income Maintenance Branch\nChairman and Ranking Member, Committee on Ways and Means\nChief of Staff, Committee on Ways and Means\nChairman and Ranking Minority Member, Subcommittee on Social Security\nMajority and Minority Staff Director, Subcommittee on Social Security\nChairman and Ranking Minority Member, Subcommittee on Human Resources\nChairman and Ranking Minority Member, Committee on Budget, House of\nRepresentatives\nChairman and Ranking Minority Member, Committee on Government Reform and\nOversight\nChairman and Ranking Minority Member, Committee on Governmental Affairs\nChairman and Ranking Minority Member, Committee on Appropriations, House of\nRepresentatives\nChairman and Ranking Minority, Subcommittee on Labor, Health and Human Services,\nEducation and Related Agencies, Committee on Appropriations,\n House of Representatives\nChairman and Ranking Minority Member, Committee on Appropriations, U.S. Senate\nChairman and Ranking Minority Member, Subcommittee on Labor, Health and Human\nServices, Education and Related Agencies, Committee on Appropriations, U.S. Senate\nChairman and Ranking Minority Member, Committee on Finance\nChairman and Ranking Minority Member, Subcommittee on Social Security and Family\nPolicy\nChairman and Ranking Minority Member, Senate Special Committee on Aging\nSocial Security Advisory Board\n\x0c               Overview of the Office of the Inspector General\nThe Office of the Inspector General (OIG) is comprised of our Office of Investigations (OI),\nOffice of Audit (OA), Office of the Chief Counsel to the Inspector General (OCCIG), and Office\nof Executive Operations (OEO). To ensure compliance with policies and procedures, internal\ncontrols, and professional standards, we also have a comprehensive Professional Responsibility\nand Quality Assurance program.\n                                        Office of Audit\nOA conducts and/or supervises financial and performance audits of the Social Security\nAdministration\xe2\x80\x99s (SSA) programs and operations and makes recommendations to ensure\nprogram objectives are achieved effectively and efficiently. Financial audits assess whether\nSSA\xe2\x80\x99s financial statements fairly present SSA\xe2\x80\x99s financial position, results of operations, and cash\nflow. Performance audits review the economy, efficiency, and effectiveness of SSA\xe2\x80\x99s programs\nand operations. OA also conducts short-term management and program evaluations and projects\non issues of concern to SSA, Congress, and the general public.\n\n                                    Office of Investigations\nOI conducts and coordinates investigative activity related to fraud, waste, abuse, and\nmismanagement in SSA programs and operations. This includes wrongdoing by applicants,\nbeneficiaries, contractors, third parties, or SSA employees performing their official duties. This\noffice serves as OIG liaison to the Department of Justice on all matters relating to the\ninvestigations of SSA programs and personnel. OI also conducts joint investigations with other\nFederal, State, and local law enforcement agencies.\n\n                   Office of the Chief Counsel to the Inspector General\nOCCIG provides independent legal advice and counsel to the IG on various matters, including\nstatutes, regulations, legislation, and policy directives. OCCIG also advises the IG on\ninvestigative procedures and techniques, as well as on legal implications and conclusions to be\ndrawn from audit and investigative material. Finally, OCCIG administers the Civil Monetary\nPenalty program.\n                               Office of Executive Operations\nOEO supports OIG by providing information resource management and systems security. OEO\nalso coordinates OIG\xe2\x80\x99s budget, procurement, telecommunications, facilities, and human\nresources. In addition, OEO is the focal point for OIG\xe2\x80\x99s strategic planning function and the\ndevelopment and implementation of performance measures required by the Government\nPerformance and Results Act of 1993.\n\x0c"